Hi all...this is a great forum,
In one of my posts, someone told me that it is more secure to use an input function
with 'A field-width specifier'...
So my question, which function should I use?
"scanf("%s",start->acNome);" guarantee for hackers to contaminate your machine with viruses of any
kind. Don't use scanf or buffer overflow ruins your machine.
Best regards..all..and have a nice day(scholastic phrase :-)))....
wrote: Hi all...this is a great forum, In one of my posts, someone told me that it is more secure to use an input
function with 'A field-width specifier'... So my question, which function should I use?
"scanf("%s",start->acNome);" guarantee for hackers to contaminate your machine with viruses of
any kind. Don't use scanf or buffer overflow ruins your machine.
Best regards..all..and have a nice day(scholastic phrase :-)))....
The general convention is to use fgets rather than scanf to enter
strings.
--
ISA
wrote: Hi all...this is a great forum, In one of my posts, someone told me that it is more secure to use an input function with 'A field-width specifier'... So my question, which function should I use?
"scanf("%s",start->acNome);"
scanf is fine for string input, and easy,
once you've seen how it's done.
In new.c, input characters beyond LENGTH, will be discarded.
rc can be assigned a value of EOF or 0 or 1.
If rc equals 1, then you have a string in 'array'.
If rc equals 0, then the line which was read,
only had a newline character,
and there is not guaranteed to be a string in 'array'.
If rc equals EOF, then you have an input failure occurring
before any conversion,
and there is not guaranteed to be a string in 'array'.
/* BEGIN new.c */

#include <stdio.h>

#define LENGTH 100
#define str(x) # x
#define xstr(x) str(x)

int main(void)
{
    int rc;
    char array[LENGTH + 1];

    fputs("Enter any string: ", stdout);
    fflush(stdout);
    rc = scanf("%" xstr(LENGTH) "[^\n]%*[^\n]", array);
    if (!feof(stdin)) {
        getchar();
    }
    while (rc == 1) {
        printf("Your string was %s\n", array);
        fputs("Enter any string to continue, "
              "or just hit the Enter key to end the program: ",
              stdout);
        fflush(stdout);
        rc = scanf("%" xstr(LENGTH) "[^\n]%*[^\n]", array);
        if (!feof(stdin)) {
            getchar();
        }
    }
    return 0;
}

/* END new.c */
--
pete
wrote: Hi all...this is a great forum, In one of my posts, someone told me that it is more secure to use an input function with 'A field-width specifier'...
Not just _more_ secure; using a field width specifier is the _only_
secure input choice. Well, there's fgetc() and related functions, but
you can think of them as having a built-in, unchangeable field width
specifier of 1.
So my question, which function should I use?
Any but gets(), _but_ use them correctly.
"scanf("%s",start->acNome);" guarantee for hackers to contaminate your machine with viruses of any
kind. Don't use scanf or buffer overflow ruins your machine.
That's too strong. scanf() _as used above_ is guaranteed to get you a
buffer overflow problem one happy day. scanf() is no problem when used
correctly, i.e., _with_ a field specifier. For example, if start->acNome
is 20 chars long, scanf("%19s", start->acNome); is safe.
I'd advise against scanf(), but only because it is tricky to use
correctly with any except predictable-width data, and %s does not do
what most newbies think it does. fgets() is much easier to use, and has
the advantage that it _requires_, not just allows, you to specify a
maximum input width.
Richard
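Added example, not code from any poster in this thread: a bounded line reader built on fgets(), the approach the reply above recommends, which also reports when input was cut short and discards the excess. The names read_line, demo_read and name_buf are made up for this illustration, the 20-byte buffer follows the reply's start->acNome example, and the input string is constructed.

```c
#include <stdio.h>
#include <string.h>

char name_buf[20];   /* 20 bytes, like start->acNome in the reply above */

/* Read one line into buf (size bytes, terminator included). Returns 1 if
 * the whole line fit, 0 if it was cut short (the excess is discarded so the
 * next call starts on a fresh line), EOF when there is no more input. */
int read_line(FILE *in, char *buf, size_t size)
{
    size_t len;
    int c;
    if (size == 0 || fgets(buf, (int)size, in) == NULL)
        return EOF;
    len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n') {
        buf[len - 1] = '\0';            /* complete line: drop the newline */
        return 1;
    }
    c = getc(in);                       /* buffer full, or input ended */
    if (c == '\n' || c == EOF)
        return 1;                       /* text fit; only '\n' was left over */
    while (c != '\n' && c != EOF)
        c = getc(in);                   /* drain the overlong remainder */
    return 0;
}

/* Constructed harness: call read_line `calls` times on `input` through a
 * temporary file; returns the last result and leaves the text in name_buf. */
int demo_read(const char *input, int calls)
{
    FILE *f = tmpfile();
    int rc = EOF;
    if (f == NULL)
        return EOF;
    fputs(input, f);
    rewind(f);
    while (calls-- > 0)
        rc = read_line(f, name_buf, sizeof name_buf);
    fclose(f);
    return rc;
}

int main(void)
{
    int rc = demo_read("0123456789ABCDEFGHIJKLMNOP\nnext\n", 1);
    printf("rc=%d stored=\"%s\"\n", rc, name_buf);
    return 0;
}
```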
Thanks all, but I have a problem understanding the use of the '#' operator in the
input.c example from pete.
I know that '#' is used to make a conversion to a string, but why must I
use two defines rather than one?
This works correctly:
#define str(x) # x
#define xstr(x) str(x)
rc=scanf("%" xstr(LENGTH) "[^\n]%*[^\n]", array);
...but if I put only one define:
#define xstr(x) # x
...this doesn't work.
Sorry for my question..:-)
Now I know why the macro define is called two times..the first
makes the substitution of the 'LENGTH' define value and the second
concatenates...
But now, why can't I use:
#define explode_macro(x) #x
int main....
char acMessage[10+1];
This macro below has an undefined behavior.
printf("%%"explode_macro(10)"s ");
If I miss one of the two '%' I can't see anything.
But if I place two I can see correctly:
$10s....
so, once I execute the scanf:
scanf("%%"explode_macro(10)"s",acMessage);
when I print out the value of acMessage I receive only
garbage....
Why ???
Hi another...:-)
In <10**********************@c13g2000cwb.googlegroups.com> "Minti" <mi************@yahoo.com> writes:
wrote: Hi all...this is a great forum, In one of my posts, someone told me that it is more secure to use an input function with 'A field-width specifier'... So my question, which function should I use?
"scanf("%s",start->acNome);" guarantee for hackers to contaminate your machine with viruses of any kind. Don't use scanf or buffer overflow ruins your machine.
Best regards..all..and have a nice day(scholastic phrase :-)))....
The general convention is to use fgets rather than scanf to enter strings.
There is no such general convention that I'm aware of. scanf is far
better for this job than fgets. It could have been even better if it
had the printf * feature, but this can be worked around in the rare cases
when it's *really* needed.
Dan
--
Dan Pop
DESY Zeuthen, RZ group
Email: Da*****@ifh.de
Currently looking for a job in the European Union
On Wed, 20 Oct 2004 11:31:21 -0400, "lasek" <cl**************@acrm.it>
wrote: Thanks all, but I have a problem understanding the use of the '#' operator in the input.c example from pete. I know that '#' is used to make a conversion to a string, but why must I use two defines rather than one?
This works correctly:
#define str(x) # x
#define xstr(x) str(x)
rc=scanf("%" xstr(LENGTH) "[^\n]%*[^\n]", array);
...but if I put only one define:
#define xstr(x) # x
...this doesn't work.
Sorry for my question..:-)
This has been explained before (you can search the archives at www.google.com) but the explanation can be complicated for someone,
like us, not intimately familiar with the details of the standard,
sort of like quantum mechanics.
An easier approach is to run some samples through your compiler with
the options set so you can review the output of the pre-processor. In
this way you can see what is generated for each of the constructs you
code and why one approach works and another doesn't. Try it with both
numeric constants and #define names.
<<Remove the del for email>>
On Wed, 20 Oct 2004 11:31:21 -0400, "lasek" <cl**************@acrm.it>
wrote: Thanks all, but I have a problem understanding the use of the '#' operator in the input.c example from pete. I know that '#' is used to make a conversion to a string, but why must I use two defines rather than one?
FAQ 11.17, at the usual places and http://www.eskimo.com/~scs/C-faq/top.html
- David.Thompson1 at worldnet.att.net
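Added example, not code from any poster in this thread, for the two '#' questions asked above: it shows the format string produced with one macro level versus two, and what sscanf() does with the "%%" format from the follow-up question. In a scanf-family format "%%" is a directive that matches a literal '%' in the input and stores nothing, so the "10s" after it is ordinary text, no conversion takes place, and the buffer is never written. The names one_level, two_level, doubled, scan_with and demo_buf are made up for this illustration, LENGTH is set to 10 to match the follow-up, and the input strings are constructed.

```c
#include <stdio.h>
#include <string.h>

#define LENGTH 10
#define str(x)  # x       /* stringizes the argument exactly as written */
#define xstr(x) str(x)    /* expands x first, then passes the result to str */

char demo_buf[LENGTH + 1];

/* '#' alone sees the token LENGTH, so the width never reaches the format.
 * The result is not a valid scanf format and must not be passed to scanf. */
const char *one_level(void) { return "%" str(LENGTH) "s"; }   /* "%LENGTHs" */

/* Through xstr, LENGTH is replaced by 10 before '#' is applied. */
const char *two_level(void) { return "%" xstr(LENGTH) "s"; }  /* "%10s" */

/* Format from the follow-up question: "%%" matches a literal '%'. */
const char *doubled(void)   { return "%%" str(10) "s"; }      /* "%%10s" */

/* Run sscanf with a format into demo_buf; returns the conversion count. */
int scan_with(const char *fmt, const char *input)
{
    return sscanf(input, fmt, demo_buf);
}

int main(void)
{
    printf("one macro:  %s\ntwo macros: %s\n", one_level(), two_level());
    printf("\"%s\" converts %d item(s) from \"abcdefghijklmnop\"\n",
           two_level(), scan_with(two_level(), "abcdefghijklmnop"));
    printf("\"%s\" converts %d item(s) from \"hello\"\n",
           doubled(), scan_with(doubled(), "hello"));
    return 0;
}
```

Since the "%%" call returns 0, the array still holds whatever was in it before, which is the garbage printed afterwards; checking scanf's return value catches this.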